A detailed analysis of the civil and criminal charges brought against BitMEX and its management by U.S. authorities, their impact, and implications
Peer-to-peer cryptocurrency exchange and derivatives platform Bitcoin Mercantile Exchange, or BitMEX, was one of the world’s largest cryptocurrency exchanges, processing over $2 billion in trades every day – until last month.
The exchange was abruptly dethroned and its management toppled when the U.S. Commodity Futures Trading Commission (CFTC) slapped civil charges on the owners of BitMEX on October 1, for operating an unregistered cryptocurrency derivatives trading platform in the U.S., and anti-money laundering violations.
“The complaint charges BitMEX with operating a facility for the trading or processing of swaps without having CFTC approval as a designated contract market or swap execution facility, and operating as a futures commission merchant by soliciting orders for and accepting bitcoin to margin digital asset derivatives transactions,” the CFTC statement noted.
The indictment named Co-founders Arthur Hayes, Benjamin Delo, and Samuel Reed as the defendants, along with five other entities that own and operate BitMEX. While the exchange is legally headquartered in the Seychelles, it has offices in New York and Hong Kong.
According to the CFTC statement, BitMEX has received over $11 billion in Bitcoin deposits and earned more than $1 billion in fees “while conducting significant aspects of its business from the U.S. and accepting orders and funds from U.S. customers,” despite neglecting to implement compliance protocols generally required for financial institutions operating in the U.S. market.
The CFTC is seeking relinquishment of all illegally-obtained funds from BitMEX, civil monetary penalties, restitution for the benefit of U.S. customers, and a permanent ban on registration and trading on BitMEX.
The situation was further exacerbated by the criminal charges brought by the New York Department of Justice (DOJ) on the same day, which charged BitMEX co-founders and its first employee and Head of Business Development Gregory Dwyer with violating the Bank Secrecy Act (BSA) and “failure to establish, implement, and maintain an adequate anti-money laundering (AML) program,” according to a DOJ statement.
The BSA is a primary law that encompasses all U.S. banks and financial institutions, and is designed to prevent, identify, and prosecute international money laundering and the financing of terrorism. Moreover, the U.S. Commodity Exchange Act (CEA) requires futures commission merchants (FCMs) like BitMEX to register with the CFTC, since Bitcoin and other cryptocurrencies are “commodities” as per the CEA.
The BSA requires companies like BitMEX to implement an AML program that includes “policies, procedures, and internal controls reasonably designed to prevent the financial institution from being used for money laundering or the financing of terrorist activities.”
The law also requires that FCMs implement a KYC policy within the anti-money laundering program that includes “risk based procedures for verifying the identity of each customer to the extent reasonable and practicable.” It specifies that FCMs should, at the least, collect the name, date of birth, address, and government identification number of customers prior to opening an account.
According to the DOJ statement, Reed was arrested on the morning of October 1 in Massachusetts and presented in the Federal court, while the other three accused remained at large. Reed was, however, subsequently released on a $5 million appearance bond secured by $500,000 cash, The Block reported on October 9.
Moreover, the DOJ indictment noted that BitMEX’s Chief Executive Officer (CEO) Hayes had claimed in July last year that the exchange was incorporated in the Indian Ocean archipelago Seychelles since bribing regulators in the jurisdiction cost only “a coconut.”
“Thanks to the diligent work of our agents, analysts, and partners with the CFTC, they [the defendants] will soon learn the price of their alleged crimes will not be paid with tropical fruit, but rather could result in fines, restitution, and federal prison time,” FBI Assistant Director William F. Sweeney Jr noted in the DOJ press statement.
According to the indictment, by September 2015, all accused BitMEX executives were aware that that the exchange served U.S. customers and was, therefore, required to implement an AML program, which includes a ‘know your customer’ (KYC) component, but willingly flouted the requirements.
The indictment further alleges that BitMEX’s policies to prevent U.S. customers from trading on its platform were “toothless or easily overridden,” and continued to serve the exchange’s goal of obtaining revenue through the U.S. market without complying with country’s regulations.
Over and above that, the defendants allegedly took affirmative steps to skirt U.S. regulatory requirements, such as incorporating the company outside the U.S., the indictment noted.
Although both the CFTC complaint and the DOJ indictment allege that BitMEX is operated by a “maze of corporate entities,” there are several possible reasons for a company to choose an operational model that spans multiple jurisdictions other than to serve a nefarious ulterior motive, according to a report by CoinTelegraph.
As Frost Brown Todd Attorneys’ Co-chair John Wagster told CoinTelegraph, “It is common for enforcement agencies to pursue every possible remedy to increase their negotiating leverage, so I would not read too much into that portion of the allegations.”
The indictment also noted that BitMEX had “made it itself a vehicle for money laundering and sanctions violations.” For instance, Hayes was informed of claims that BitMEX was used to launder the proceeds of a cryptocurrency hack, but failed to implement any AML or KYC policies, the indictment stated.
Moreover, the indictment cited internal BitMEX records that indicate Hayes and Delo personally communicated with customers who identified themselves as Iranians – who are subject to U.S. sanctions – but neglected to implement a formal AML policy in response.
The DOJ press statement noted that all four defendants are each charged with one count of violating the Bank Secrecy Act, and one count of conspiring to violate the Bank Secrecy Act, each of which entails a maximum penalty of five years in prison.
Not a surprise
While BitMEX is far from the first exchange or cryptocurrency company to be suspected of illegal activities, it is by far the largest and most established exchange to face criminal charges.
Besides, the charges hardly come as a surprise, since the exchange was known for its notoriously relaxed KYC norms. In fact, in 2015, the company’s website noted, “No real-name or other advanced verification is required on BitMEX,” according to the DOJ indictment.
BitMEX allowed customers to trade anonymously by providing only a verified email address and no identifying information or documents. That system lasted until August this year, when the exchange launched a user verification program, requiring all customers to complete ID verification by February 28, 2021.
Additionally, prior to the recently-implemented KYC program, users enjoyed high withdrawal limits, with little to no verification involved. The recent policy changes were announced shortly after chain analysis of the Twitter crypto hack in July revealed that one of the perpetrators was a BitMEX trader.
CoinTelegraph quoted blockchain intelligence firm CipherTrace’s Chief Financial Analyst John Jefferies as saying, “BitMEX has been under investigation by the CFTC since early 2019 for allowing Americans to trade on the platform, and they were given time to improve their Customer Identification Program to effectively exclude U.S. persons.”
“It’s not that law enforcement hasn’t been following and warning BitMEX, but that BitMEX’s ongoing negligence and lack of compliance led to the hammer finally coming down on them,” Jefferies added.
More serious charges could follow
Although the DOJ indictment mentions BitMEX’s sanctions violations, the DOJ is yet to press charges on that front. According to a report by CoinTelegraph, this is because the U.S. usually presses ‘lenient’ charges on foreign nationals, in order to obtain international extradition, since other countries do not always recognize the complex U.S. laws pertaining to money laundering and financial crimes.
Once the extradition is carried out, however, the lenient charges are lifted and the defendants are put on trial for more serious offenses, the report added.
In case of BitMEX, therefore, it is likely that the DOJ would pursue the more serious charges of breaching international sanctions in the future.
The announcement of the charges against BitMEX and its management triggered a mass exodus, as customers panicked and went on to withdraw Bitcoins from the exchange in a bid to secure their funds in case BitMEX became insolvent.
This is because, if BitMEX is found guilty of the charges, the exchange’s assets would be used to provide restitution to U.S. victims of money laundering and other crimes, which could lead to freezing of accounts, suspension of trading, and a sell off of international assets to pay victims –a fate similar to Russian exchange BTC-e, which was shut down by U.S. authorities in 2017 after civil and criminal actions.
BitMEX, however, continues to operate normally for the time being, although data from Coin Metrics indicates that on October 1, BitMEX saw Bitcoin withdrawals of over 20,000 BTC. Subsequently on October 2, the exchange observed the largest net outflow of Bitcoins to date, with almost 44,000 BTC withdrawn from its platform.
Although the rate of withdrawals stabilized slightly on October 4, BitMEX’s Bitcoin reserve has since dwindled by 37% from 192,986 BTC on September 30 to 120,000 BTC on October 5, the lowest since July 2018, according to Glassnode estimates.
BitMEX’s loss turned into gains for Binance and Gemini, which received almost 30% of the withdrawn Bitcoins in equal amounts.
Additionally, BitMEX’s daily trading volume has also plummeted by almost 50% to a little over 1 billion since the charges were levied against the exchange and its leadership team, thereby failing to rank even amid the top 10 exchanges by 24-hour trading volume as of October 11.
Moreover, open interest, or the number of outstanding derivative contracts like options and futures, on BitMEX’s Bitcoin derivatives market, dropped by over 20% from $592 million to $456 million by October 5. This indicates that fewer traders are opening positions on the exchange in light of the uncertainty caused by the legal furore, according to a report by Bitcoin.com.
BitMEX labelled ‘high risk’
To compound the problems already faced by BitMEX, on October 5, cryptocurrency investigations firm Chainalysis emailed its clients, including government agencies, banks and exchanges, and notified them that it will consider BitMEX a “high risk exchange” from October 13, according to a report by The Block.
“Any transfers from October 1st and later should be considered high risk,” the email stated. “Compliance teams should also look back at older transfers, but given this change may trigger alerts on thousands of older transfers, it is reasonable to do that incrementally.”
As a general rule, Chainalysis considers an entity to be high risk if criminal charges are brought against the entity or its owners or operators, to protect its clients, a Chainalysis spokesperson told The Block.
The label of high risk could well be a death knell for BitMEX, since regulated institutions are unlikely to continue using the exchange.
From ‘business as usual’ to a management overturn
While the charges fazed BitMEX customers who proceeded to withdraw Bitcoins from the exchange, BitMEX released an initial statement on October 2, stating, “We strongly disagree with the U.S. government’s heavy-handed decision to bring these charges, and intend to defend the allegations vigorously.”
“From our early days as a start-up, we have always sought to comply with applicable U.S. laws, as those laws were understood at the time and based on available guidance,” the statement added.
Moreover, to quash customer concerns regarding solvency risks, BitMEX also said that it has processed all pending withdrawal requests, and that the platform is “operating entirely as normal and all funds are safe.”
The statement added that the exchange would process withdrawals even outside its normal withdrawal hours – a move meant to further increase customer trust and to calm all fears of insolvency.
On October 7, a BitMEX spokesperson told CoinDesk that it is “business as usual” for BitMEX, despite the large-scale Bitcoin withdrawals.
However, a day later, the exchange announced in a blog post that Hayes and Reed have stepped back from their roles as CEO and CTO, effective immediately, and along with Delo, will not hold any executive positions in the 100x Group, which owns and operates BitMEX. Additionally, Dwyer will take a leave of absence from his role, the statement added.
Vivien Khoo, 100x Group’s Chief Operating Officer (COO), will assume responsibilities as interim CEO, while Commercial Director Ben Raddclyffe will assume additional responsibilities of client relationship management and oversight of financial products.
100x Group Chairman David Wong reiterated in the blog post that it is ‘business as usual’ for the exchange, and that, “These changes to our executive leadership mean we can focus on our core business of offering superior trading opportunities for all our clients through the BitMEX platform, whilst maintaining the highest standards of corporate governance.”
After BitMEX, DeFi may be set to face the wrath of U.S. regulators
While the BitMEX imbroglio is yet to unfold in its entirety, the crypto community is embroiled in a debate that DeFi could be the next target for U.S. authorities, since DeFi protocols, including DeFi exchanges (DEXs), have minimal AML and KYC procedures.
According to blockchain consultant and angel investor Adam Cochran, while regulators cannot directly shut down a DEX owing to its decentralized nature, authorities can, however, pursue charges against core developers who often hold ‘God mode’ admin keys that allows them to modify or replace smart contracts, along with domain providers hosting the front-end interfaces of DEXs, and others who enable or profit from the contract.
“That can lead to seizing domain names and hosting servers, shutting down front-ends, and arresting developers. If that happened to a protocol a large bulk of users would stop using it and not interact with the contract directly, essentially killing the protocol,” Cochran wrote in a Twitter thread discussing the potential implication of the BSA and CFTC regulations on DeFi.
He further argued that cryptocurrency users should embrace regulations like BSA since there is a fundamental difference between customer sovereignty and privacy of funds, and the facilitation of criminal activity.
He concluded with a resounding warning that although U.S. authorities may find it difficult to prosecute DeFi with the current outdated laws, the authorities are likely to find new tools and pressure points to apply BSA, and that DeFi protocols should, therefore, plan for BSA compliance or the exclusion of U.S. customers in the future.
Header image by Ewan Kennedy on Unsplash